Dynamic trust evaluation framework for federated cloud environment - PowerPoint PPT Presentation

About This Presentation
Title:

Dynamic trust evaluation framework for federated cloud environment

Description:

Introduction. Parallel Computing. Grid / Cluster Computing . Cloud Computing. Cloud Federation. Grid/Cluster computing:1) Back in 1970, IBM scientist proposed an idea ... – PowerPoint PPT presentation

Number of Views:12
Avg rating:3.0/5.0
Date added: 26 July 2019
Slides: 38
Provided by: edup62
Transcript and Presenter's Notes

Title: Dynamic trust evaluation framework for federated cloud environment


1
Dynamic trust evaluation framework for federated
cloud environment
  • 2012-Fowz Masood-NUST-MS-CCS-23

Supervisor: Dr. Awais Shibli
Committee Members: Dr. Abdul Ghafoor, Ms. Hirra Anwar,
Ms. Rahat Masood
2
Agenda
  • Introduction
  • Cloud federation
  • Literature review
  • Industrial survey
  • Research findings
  • Research methodology
  • Problem statement
  • Objectives
  • Contribution
  • Implementation detail
  • Workflow
  • Evaluation
  • Response from international community
  • Future direction
  • References

3
Introduction
4
Overview of Cloud Computing
5
Cloud Federation
  • Different CSPs join together to form a federation
  • Benefits include
  • Maximize resource utilization
  • Minimize power consumption
  • Load balancing
  • Cloud bursting
  • Global Unity
  • Expand cloud providers' geographic footprints

6
Contd
[Figure: the Home Cloud distributes the load of
customers across the home cloud boundary to
Foreign Clouds.]
7
Motivation
  1. CERN and Rackspace are probing the possibility of
    true federated hybrid clouds built on OpenStack.

8
Literature Review
  • Cloud federation
  • 2010
  • Cloud brokering and strategies
  • Facilitating self-adaptable Inter-Cloud
    management
  • Dynamic resource allocation
  • 2011
  • Security challenges faced by Cloud federation
  • Trust issues in horizontal Cloud federation
  • Secure data sharing schemes
  • 2012
  • Trust establishment between Clouds
  • Malicious service components
  • Virtual machine migration and monitoring
  • Secure data sharing
  • Limited auditability

9
Literature Review
  • Trust models for Cloud Federation
  • 2009
  • A service level agreement (SLA) scheme was
    proposed to calculate the trustworthiness
  • Both functional and nonfunctional requirements
    are catered for trust establishment
  • 2010
  • A cloud trust model has been proposed, in which
    two levels of hierarchy are added
  • Trust relies on TPM and key management
  • 2011
  • Feedback based trust evaluation for Cloud
    providers
  • Risk management and trust policies for Cloud
    scenarios
  • Use of Quality of Service parameters for trust
    formulation
  • 2012
  • A central entity CSB is used for establishing
    the trust
  • Secure tokens are generated and used along with
    certificates

10
Industrial Survey
11
Contd
Building user trust in cloud computing is one of the
top issues.
Warwick Ashford, "Security in the cloud: Top nine
issues in building users' trust", Online, April 2011.
http://www.computerweekly.com/feature/Security-in-the-cloud-Top-nine-issues-in-building-users-trust
12
Research Findings
  • Trust models
  • Lack of trust establishment schemes is causing
    hindrance in formation of cloud federation.
  • To overcome it, different trust models have been
    proposed.
  • Trust models were static.
  • One time check only.
  • Preventive in nature rather than being
    detective/corrective.
  • Cryptographic techniques are computationally
    expensive.
  • Require third party for verification.

13
Research Methodology
14
Contd
15
Problem Statement
  • The performance of a CSP in a cloud federation
    can deteriorate over time. In this case, the
    existing trust evaluation schemes fail to provide
    an appropriate security solution.

16
Objectives
17
Contributions: Research Perspective
  • Research Paper 1
  • Fowz Masood, Hirra Anwar and Muhammad Awais
    Shibli, "Enhancing trust in cloud federation by
    using risk based Access Control", IEEE, Frontiers
    of Information Technology (FIT), 2014 (under
    review).
  • Journal Paper 1
  • Fowz Masood, Ayesha Kanwal and Muhammad Awais
    Shibli, "Dynamic trust evaluation framework for
    cloud federation", John Wiley & Sons, Ltd.,
    Security and Communication Networks (SCN), 2014
    (under review).

18
Contributions: Implementation Perspective
  • Implementation of dynamic trust evaluation
    framework
  • Interpreted and implemented risk based access
    control into a standard policy language (XACML).
  • Implemented a monitoring module for continuous
    evaluation of CSP.
  • Used SAML 2.0 for exchange of credentials and
    communication between clouds.

19
Implementation: Development Toolkit
  • Eclipse (JAVA)
  • Apache Tomcat Server
  • eXtensible Access Control Markup Language (XACML)
    and SAML
  • CloudSim

20
Extension of existing work
[Figure: SLA collection module, Feedback collection
module and Trust evaluation module; communication
between the Home Cloud and the Foreign Clouds, each
offering services.]
Ayesha Kanwal, "Establishment and propagation of
trust in federated cloud environment", October 2012
21
Implementation Architecture
22
Contd
  • Trust evaluation module
  • Responsible for calculating the trust score of a
    CSP and forming federation.
  • Uses SLA and Feedback for trust calculation.
  • Risk based access control module
  • Risk engine is responsible for calculating a risk
    threshold value, which is generated from the
    security features required by the user.
  • The risk engine also computes the risk score value
    from the trust score.
  • Monitoring module continuously monitors the trust
    score of a CSP. In case of an update in the trust
    score value, it passes the new trust score value
    to the Risk Engine.

 
 
 
23
Why RAC model?
  • Various access control models (ABAC, RBAC) exist
    to date, but the cloud requires a dynamic access
    control model.
  • What is a dynamic access control model?
  • Dynamic access control models use various
    parameters along with the predefined policy for
    computing the access decision, such as trust,
    context, history and risk.
  • A risk based access control model calculates the
    risk score on the fly and then decides whether to
    grant or deny access.
  • We have used the trust score value for deriving
    the risk score.

24
Components of RAC module
  • Policy Administration Point (PAP)
  • Policy Enforcement Point (PEP)
  • Policy Decision Point (PDP)
  • Risk Engine
  • Risk threshold calculation
  • Risk score calculation
  • Monitoring Module
  • Policy Repository (PR)
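
Added example (not part of the original presentation or the thesis code): a minimal Python sketch of the loop described on slides 22 to 24, in which the monitoring module passes a changed trust score to the risk engine and the PDP re-decides. The slides give no formulas, so the weights, the feature catalogue, the inverse trust-to-risk mapping and all function names are assumptions.

```python
"""Added sketch of the trust -> risk -> decision loop; not the thesis code."""
from __future__ import annotations
from dataclasses import dataclass, field

# Assumed weights and scales: the slides name the inputs but give no formulas.
W_SLA, W_FEEDBACK = 0.6, 0.4
FEATURE_WEIGHT = {"encryption_at_rest": 0.4, "mfa": 0.3, "audit_logging": 0.3}
MAX_RISK, MIN_RISK = 0.8, 0.1  # tolerated risk with no / all features required

def trust_score(sla: float, feedback: float) -> float:
    """Trust evaluation module: weighted SLA compliance and feedback in [0, 1]."""
    if not (0.0 <= sla <= 1.0 and 0.0 <= feedback <= 1.0):
        raise ValueError("sla and feedback must be in [0, 1]")
    return W_SLA * sla + W_FEEDBACK * feedback

def risk_threshold(required: set[str]) -> float:
    """Risk engine: stricter user requirements lower the tolerated risk."""
    demand = sum(FEATURE_WEIGHT[f] for f in required)  # KeyError on unknown feature
    return MAX_RISK - (MAX_RISK - MIN_RISK) * demand

def risk_score(trust: float) -> float:
    """Risk engine: risk derived from trust (assumed inverse relation)."""
    return 1.0 - trust

def decide(trust: float, required: set[str]) -> str:
    """PDP: Permit only while the CSP's risk stays within the threshold."""
    return "Permit" if risk_score(trust) <= risk_threshold(required) else "Deny"

@dataclass
class Monitor:
    """Monitoring module: re-runs the decision whenever a trust score changes."""
    trust: dict[str, float] = field(default_factory=dict)
    grants: dict[str, set[str]] = field(default_factory=dict)  # csp -> features

    def request(self, csp: str, required: set[str]) -> str:
        decision = decide(self.trust.get(csp, 0.0), required)  # unknown CSP: zero trust
        if decision == "Permit":
            self.grants[csp] = required
        return decision

    def update(self, csp: str, sla: float, feedback: float) -> str | None:
        new = trust_score(sla, feedback)
        if new == self.trust.get(csp):
            return None  # no change, nothing to pass to the risk engine
        self.trust[csp] = new
        if csp in self.grants and decide(new, self.grants[csp]) == "Deny":
            del self.grants[csp]  # corrective step: revoke the standing grant
            return "Revoked"
        return "Updated"
```

A static, one-time check would stop after the first `request`; the `update` path is what withdraws access once a CSP's measured SLA compliance and feedback drop.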

25
RAC model core components
26
Mapping of RAC model
27
Workflow: Trust Evaluation
 
28
Workflow: Risk calculation
 
 
29
Performance Evaluation
  • CloudSim is a framework for modeling and
    simulation of cloud computing infrastructures and
    services, developed by CLOUDS Lab, Australia.
  • We have mapped our proposed framework into CloudSim
    for its performance evaluation.
  • Results indicate that our proposed framework gave
    optimum results.

30
CloudSim parameters
Sn.  Parameters                        Details
01   Number of Datacenters             01
02   Number of Hosts                   01
     RAM assigned to Host              4096 (MB)
     Storage assigned to Host          20000 (MB)
     Bandwidth assigned to Host        10000
     MIPS assigned to Host             100000
03   Number of virtual machines (VM)   01/02/04
     RAM assigned to VM                4096 (MB)
     Storage assigned to VM            20000 (MB)
     Bandwidth assigned to VM          10000
     MIPS assigned to VM               10000
     Number of CPUs assigned to VM     01
31
Results
32
Community Response
  1. I believe that your idea of confidentiality,
    integrity and availability is very interesting.
    Actually, I think you can explore many
    possibilities these three concepts.

33
Conclusion
  • We have analyzed the existing trust establishing
    models for cloud federation. Currently, the trust
    models lack continuous monitoring feature.
  • In this regard, we have proposed and implemented
    a dynamic trust evaluation framework. The
    proposed solution not only provides the
    continuous monitoring feature but also restricts
    access to CSPs giving services below the client
    requirements.

34
Future Direction
  • To test our framework against different threat
    models.
  • The security of our proposed framework can be
    further enhanced by encrypting the security
    policies and by securing the request and
    responses generated by PDP server (XML
    encryption/signature).

37
  • THANK YOU

Special thanks to my Supervisor, Committee
members and Ma'am Ayesha Kanwal